Experience in Designing for Cyber Resiliency in Embedded DoD Systems

Abstract

AbstractIn DoD systems, software component reuse is highly valued, and development is rarely started from scratch. Most embedded weapon systems are a heterogeneous mixture of new, modified, and legacy components. This mixture drives an increased impetus to improve upon the existing system's model, and also creates an opportunity to assess potential cyber vulnerabilities earlier in the lifecycle. In this paper, we describe our experience in developing an experimental platform, which is a representative testbed that incorporates legacy, modified, and new components, using a process where we address cyber resiliency early in development. We give accounts of where each of the parts of our representative testbed originated, what modeling decisions we made, and how we analyzed cyber vulnerabilities. We also propose a system engineering process, based on architectural modeling of the system, which introduces analysis early in the design for cyber resiliency. We are developing an approach to use advanced tools to find vulnerabilities and to develop cyber resiliency requirements to counter those vulnerabilities. The creation of the model and documentation of cyber resiliency requirements and design decisions provide a positive impact on the system lifecycle and future integration of the system.